Whether you are doing online therapy or not, you are likely text messaging clients in one form or another. Text messaging is more prevalent than any other medium and is used by 4 billion people worldwide.

As a mental health provider, you need to be aware of how to keep your clients safe – i.e., provide privacy for them and the messages that you exchange with them.

After presenting our “Making Online Therapy Work for You: A Therapist’s Complete Guide to Online Therapy” STAR Training on April 9th, I took an online course on text messaging offered by the TeleMental Health Institute and presented by Marlene M. Maheu, executive director of that organization. I’m going to summarize some of her points here. I’ll then talk more about this topic in our next Open Office Hours Q&A Session, being held this Saturday, April 23th… So, bring your questions!

Texts for mental health providers typically fall into two categories:

1. Administrative (appointment scheduling, reminders, etc.); and,
2. Clinical (crisis intervention, safety checks, etc.).

And texts can be one-way or interactive (i.e., involving back-and-forth communication).

Risk Management

Risk management was a major topic of the training I attended, and includes:

1. All legal and ethical rules apply, but the clinician needs to consider how those fit with the technology used.
2. There are four areas of therapist competence to consider: education, training, experience, and consultation. We need to use all four to show competence and, if there is ever a legal issue, we can bolster our case via such competence. Georgia was recently (October, 2015) the first state to require six hours of training before clinicians can work with any communication technologies.
3. Informed consent must be given, certainly at intake, but also as needed throughout the work. Apprise clients of your policies regarding text messaging and talk in detail with them about this. Have them sign your form and document that you had this discussion.
4. Inter-jurisdictional boundaries must be considered when texting clients. The laws of the state a client is in at the time of texting are the laws that apply, like with a driver’s license when you are traveling. California driver’s license laws don’t apply if you have an accident in Indiana. Ask your client where he/she is. Best practice: provide service via text only where you are licensed.
5. Regarding HIPPA client privacy, the liability is in our laps to be HIPPA compliant and choose vendors and apps that are. Privacy is the most important aspect when using tele-communication tools with our clients and for texting includes a list of 18 items to not divulge including: client’s name, address, phone #, email address, website URL, photographs, and anything else that could ID that individual. California and Texas have more stringent codes and require a text messaging service that is compliant with HIPPA. (You can find a list of HIPPA-compliant texting programs on TeleMental Health Institute’s website.)
6. Text messages can’t be erased. They remain on a phone’s SIM card or on the phones themselves. So, think about what you’re writing before your text, and definitely before you press “Send.”
7. You must password protect your phone. Some organizations require dedicated devices be used for work with clients. However, this has yet to be state mandated.
8. Write out your policies regarding text messaging and run them by your malpractice carrier and your professional association attorney if there isn’t already a standard form for this. This will likely be a good prompt for them to provide one.

Remedies for Breaches of Confidentiality

If your phone is stolen, making sure it is password protected beforehand can help protect you. Be sure to change your password often and use apps that provide privacy for text messaging.

If you lose your phone or it is breached in any way (i.e., your child or grandchild reads the messages), then you have to notify the involved patient(s) in writing. If there are more than 500 breaches (names on a device), then you have to put an ad in a print publication stating the problem. (These are HIPPA rules.)

Biometric authentication is on the rise. Take advantage of it and use an encrypted device – and you have to buy this service separately. Encryption doesn’t come with the phone.

Make a practice of downloading your text messages from your cell phone, printing them, and putting them in the patient’s file. Software for doing this is available online.

Of course, this only just scratches the surface when it comes to text messaging and protecting your clients’ privacy. There’s much, much more… So, let us know your questions and comments using the form below or, better yet, join us for our next Open Office Hours Q&A Session on Saturday, April 23rd, and bring your questions with you and share your experiences with our members!